Whether you are managing IT infrastructure, writing code or developing improved applications, you need to be concerned about security. This chapter gives you a taste of the the objectives, answers and explanations you'll need for the Infrastructure Security portion of the Security+ Certification Exam.

This chapter is from the book

This chapter is from the book

Objective 3.1: Devices

Your company has a large internal network that you would like to subnet
into smaller parts. Which of the following devices can you use to separate your
LAN and still protect critical resources? (Select all that apply.)

An internal firewall

A router between subnets

A modem between computers

A switch between departments

Which of the following are considered to be possible components of an
ethernet LAN? (Select all that apply.)

Access Point (AP)

Coax

Fiber

STP

Which of the following devices is specially designed to forward packets
to specific ports based on the packet's address?

Specialty hub

Switching hub

Port hub

Filtering hub

Objective 3.1.1: Firewalls

Your company receives Internet access through a network or gateway
server. Which of the following devices is best suited to protect resources and
subnet your LAN directly on the network server?

DSL modem

A multi-homed firewall

VLAN

A brouter that acts both as a bridge and a router

What are some of the benefits of using a firewall for your LAN? (Select
all that apply.)

Increased access to Instant Messaging

Stricter access control to critical resources

Greater security to your LAN

Less expensive than NAT servers

Which of the following are true about firewalls? (Select all that
apply.)

Filters network traffic

Can be either a hardware or software device

Follows a set of rules

Can be configured to drop packets

Which of the following are true about firewall protection when using
static packet filtering on the router? (Select all that apply.)

Static packet filtering is less secure than stateful filtering

Static packet filtering is less secure than proxy filtering

Static packet filtering is more secure than dynamic packet
filtering

Static packet filtering is more secure than stateful filtering

A packet filtering firewall operates at which of the following OSI
layers? (Select all that apply.)

At the Application layer

At the Transport layer

At the Network layer

At the Gateway layer

Firewalls are designed to perform all the following except:

Limiting security exposures

Logging Internet activity

Enforcing the organization's security policy

Protecting against viruses

Stateful firewalls may filter connection-oriented packets that are
potential intrusions to the LAN. Which of the following types of packets can a
stateful packet filter deny?

UDP

TCP

IP

ICMP

Which of the following systems run an application layer firewall using
Proxy software?

Proxy NAT

Proxy client

Client 32

Proxy server

Which of the following use routers with packet filtering rules to allow
or deny access based on source address, destination address, or port
number?

Application layer firewall

Packet filtering firewall

Router enhanced firewall

IP enabled firewall

Which of the following firewalls keeps track of the connection
state?

Application layer firewall

Packet filtering firewall

Router enhanced firewall

Stateful packet filtering firewall

Objective 3.1.2: Routers

Which of following devices discriminates between multicast and unicast
packets?

Multicast switch

Bicast switch

Bicast router

Multicast router

Your primary concern is LAN security. You want to subnet your internal
network with a device that provides security and stability. Which of the
following devices do you choose to meet these needs?

Static router

Dynamic router

Static switch

Dynamic switch

Which of the following will help you to improve your LAN security?
(Select all that apply.)

Change user passwords frequently

Install a firewall program

Use a dynamic rather than static router

Use a proxy

Which of the following is the most difficult to configure, but safest
device to use on a LAN?

Static router

IP enabled router

Dynamic router

RIP enabled router

Which of the following statements are true about routers and bridges?
(Select all that apply.)

Bridges connect two networks at the Data Link Layer

Bridges are types of inexpensive routers

Routers are improved bridges

Routers connect two networks at the Network Layer

Remember, routers work at the Network Layer of the International
Standards Organization/Open Systems Interconnection (ISO/OSI) established
sequence of OSI Layers. What is the correct and complete OSI sequence in order
from user interface (Layer 7) to the delivery of binary bits (Layer 1)?

Most networks employ devices for routing services. Routers work at which
of the following OSI layers?

Transport

Network

Presentation

Session

Objective 3.1.3: Switches

You manage a company network and the network budget. You want to minimize
costs, but desire to prevent crackers from sniffing your local network (LAN).
Which of the following devices would you recommend to meet your goals?

Hub

Switch

Router

Firewall

Which of the following statements apply to security concerns when using a
switch in the LAN? (Select all that apply.)

Switches use SSH to manage interfaces by default

Switches use Telnet or HTTP to manage interfaces

Switches are more secure than routers since they are internal to the
LAN

Switches should be placed behind a dedicated firewall

Which of following is a type of hub that forwards packets to an
appropriate port based on the packet's address?

Smart hub

Switching hub

Routing hub

Porting hub

Objective 3.1.4: Wireless

Which of the following is actually considered a critical wireless
device?

AP

WAP

WEP

WLAN

Objective 3.1.5: Modems

Which of the following are true statements about modems? (Select all that
apply.)

Modems use the telephone lines

Modem stands for modulator and demodulator

Modems are no longer used in secure networks

A modem's fastest transfer rate is 56 Kbps

Modems can be configured to automatically answer any incoming call. Many
user computers have modems installed from the manufacturer. What is the greatest
security risk when dealing with modems in this situation?

Remote access without network administrator knowledge

Local access without network administrator knowledge

Client access without network administrator knowledge

Server access without network administrator knowledge

Objective 3.1.6: RAS

Which of the following terms defines RAS?

Random Access Security

Remote Access Security

Random Access Service

Remote Access Service

Usually, a RAS connection is a dial-up connection. What network
connections also apply to RAS? (Select all that apply.)

ClientServer

ISDN

VPN

DSL

Objective 3.1.7: Telecom/PBX

Your company has gone through several phone company changes to reduce
costs. Last week, two new phone company employees indicated that they needed
remote access to your company network and wanted to establish a permanent guest
account on your RAS server for continued maintenance support. Which of the
following actions are your best recommendations for this situation? (Select all
that apply.)

Agree with their requests so that maintenance costs are reduced

Recommend that user accounts be verified with strong
authentication

Remove the guest account and create verifiable remote accounts

Create a phone company group account and place that inside the guest
account

Which of the following applies to PBX? (Select all that apply.)

PBX stands for Private Branch Exchange

PBX allows for analog, digital, and data to transfer over a high-speed
phone system

PBX stands for Public Broadcasting Exchange

PBX is used to carry analog messages and modem communication originating
at the phone company

Objective 3.1.8: VPN

You want to have a private communication between two sites that also
allows for encryption and authorization. Which of the following is the best
choice in this instance?

Modem

Firewall

VPN

Bastion Host

VPN tunnels have end points. Which of the following methods is used to
offer Strong Authentication at each end point?

DES

Block cipher

Stream cipher

Diffie-Hellman

VPNs transfer encrypted data through tunneling technology. Which of the
following performs fast data encryption and may be used with VPNs?

Stream cipher

RSA

DES

IPSec

You desire to secure a VPN connection. Which protocols should you use?
(Select all that apply.)

TLS

IPSec

SSL

L2TP

Objective 3.1.9: IDS

What does the acronym IDS stand for?

Intrusion Detection System

Internet Detection Standard

Internet Detection System

Intrusion Detection Standard

Which of the following devices is used to monitor network traffic,
including DoS attacks in real time?

A host-based Intrusion Detection System

A network-based Intrusion Detection System

A router-based Intrusion Detection System

A server-based Intrusion Detection System

Which of the following security devices acts more like a detective rather
than a preventative measure?

IDS

DMZ

NAT

Proxy

Objective 3.1.10: Network Monitoring/Diagnostic

Which of the following protocols is used to monitor network devices such
as hubs, switches, and routers?

SMTP

SNMP

RIP

OSPF

You have been using a network monitor or protocol analyzer to monitor
ethernet packets. One of the messages sent has an IP header protocol field value
of "1". What does this value classify?

UDP

ICMP

IGMP

TCP

You have been using a network monitor or protocol analyzer to monitor
ethernet packets. One of the messages sent has an IP header protocol field value
of "6". What does this value classify?

UDP

ICMP

IGMP

TCP

Objective 3.1.11: Workstations

Which of the following LAN devices is frequently a source of security
concern because of its ability to process applications, share files, and perform
network services in a peer-to-peer network?

SQL Servers

Routers

Switches

Workstations

You want to prevent users from downloading software on company
workstations. What is this called?

Desktop lookup

Desktop lockup

Desktop lockdown

Desktop lookdown

Objective 3.1.12: Servers

Which of the following is a group of independent servers that are grouped
together to appear like one server?

Proxy Server

SQL Server

Server Array

Server Cluster

Which of the following devices have similar security concerns because
they provide file sharing, network connection, and application services? (Select
all that apply.)

Switches

Routers

Workstations

Servers

3.1.13. Mobile Devices

Many mobile devices use wireless technology and may lack security. Which
of the following devices are considered mobile devices used to connect to a
network? (Select all the apply.)

PDR

PDA

Pager

PPP

Which one of the following is a small network device that is a security
concern for network administrators because the device is easily
misplaced?